Description
The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components.
Published: 2026-05-26
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a low‑privileged local user to modify a temporary file created by the CODESYS Development System during administrative installation. By changing the file that specifies which components to install, the attacker can force the deployment of arbitrary components, resulting in local privilege escalation. The underlying weakness is Incorrect Default Permissions (CWE‑276): the installer creates the directory holding this file with permissions that do not restrict access to privileged users.

Affected Systems

The affected product is the CODESYS Development System from CODESYS. Version information is not specified in the advisory.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity, and the EPSS score of less than 1% indicates a very low but nonzero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is local (AV:L in both the CVSS v3.1 and v4.0 vectors): a user with standard privileges can exploit the insecure directory permissions to modify the temporary file, elevate privileges, and potentially gain full control over the system.

Generated by OpenCVE AI on May 28, 2026 at 22:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to a version that corrects the default directory permissions.
  • If a patch is not yet available, immediately tighten the file‑system permissions on the installation directory (e.g., set it to 700) to prevent non‑privileged users from modifying the temporary file.
  • Disable or monitor temporary file editing during component installation, and use file‑integrity monitoring to detect unauthorized changes.
  • Verify that installations are performed with the least privileged user account and consider using software restriction policies to limit which components can be deployed.

Advisories

No advisories yet.

History

Thu, 28 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*

Tue, 26 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 26 May 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Codesys development System
Vendors & Products Codesys development System

Tue, 26 May 2026 07:45:00 +0000

Type Values Removed Values Added
Description The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components.
Title Incorrect Default Permissions in CODESYS Development System
First Time appeared Codesys
Codesys codesys Development System
Weaknesses CWE-276
CPEs cpe:2.3:a:codesys:codesys_development_system:*:*:*:*:*:*:*:*
Vendors & Products Codesys
Codesys codesys Development System
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-05-26T10:49:05.531Z

Reserved: 2026-05-06T17:08:03.356Z

Link: CVE-2026-44468

Vulnrichment

Updated: 2026-05-26T10:49:00.471Z

NVD

Status : Analyzed

Published: 2026-05-26T08:16:21.990

Modified: 2026-05-28T20:11:52.993

Link: CVE-2026-44468

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T22:15:06Z

Weaknesses